The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware prior to 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote malicious users to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp integrated_lights-out_3_firmware |